Your home should always be a comforting and inviting space for you and your loved ones, but it should also be the place where you feel most safe. Fortunately, over the past decade, new technology has made it easier than ever to set up protection with easily installed cameras, smart locks, and monitors that can even allow you to keep an eye on your property from afar. But if you happen to own one popular home security system, two recently discovered vulnerabilities may be putting you at risk. Read on to see which product you may want to replace for safety's sake.
RELATED: If You Get This Message From Amazon, Don't Open It, Experts Warn.
The Fortress S03 security system has two major vulnerabilities that could be putting you at risk.
If your home is equipped with the Fortress S03 security system, you may inadvertently be putting your safety at risk. According to cybersecurity company Rapid7, a pair of major vulnerabilities makes it possible for potential intruders to disarm the system using relatively simple tactics.
The company says it first discovered the security lapses three months ago and reached out to Fortress about the potential risks, TechCrunch reports. Rapid7 publicly released information on the vulnerabilities after Fortress failed to respond to messages and saw the only acknowledgment of outreach was to close a support ticket without comment.
Cybersecurity experts say the security system can be disarmed by using a homeowner's email address.
According to Rapid7, the Fortress S03 system relies on a Wi-Fi connection to maintain its motion sensors, cameras, and sirens and allow customers to check on their homes from a mobile app. It also uses a radio-controlled fob key to turn the system on and off whenever coming or going from their property.
However, the cybersecurity company found that the system relies on an unauthenticated API, making it possible for hackers or criminals to gain access to specific devices' unique International Mobile Equipment Identity (IMEI) numbers simply by knowing the email address associated with an account. This then allows them to arm or disarm the system remotely, TechCrunch reports.
RELATED: If You See This on Your iPhone, Don't Click It, Experts Warn.
A vulnerability with fobs can also be exploited to disarm the system easily.
But a potential intruder may not even need to know your personal email address to gain access to your home. Rapid7 said it also found that the system's fobs operated by using unencrypted radio signals to arm and disarm it, making it relatively easy for someone to pick up the unscrambled frequencies and replay them to shut the system down.
While the process of snooping a radio frequency might sound lofty, one expert warns that it can be done relatively easily with the right know-how. "The attacker would need to be both reasonably conversant in SDR in order to capture and replay the signals and be within reasonable radio range," Tod Beardsley, director of research at Rapid7, told Threatpost. "What that range is would depend on the sensitivity of the gear being used, but typically this sort of eavesdropping requires line of sight and pretty close proximity—across the street or so."
For more helpful tech tips delivered straight to your inbox, sign up for our daily newsletter.
Using a designated email address could help keep you safe from someone accessing your devices.
Ultimately, experts say it's unlikely that a random intruder will be able to make use of the vulnerabilities in the system. "The likelihood of exploitation of these issues is pretty low," Beardsley told Threatpost. "An opportunistic home invader is not likely to be a cybersecurity expert, after all. However, I am concerned about a scenario where the attacker already knows the victim well, or at least, well enough to know their email address, which is all that is really required to disable these devices from over the internet."
Beardsley admits that "very little" can be done about the easily exploitable fobs except to avoid using products linked to Fortress. But there's still a way you can avoid having your system exploited by someone using your email address. "We suggest registering the device with a secret, one-time-use email address that can function as a sort of weak password," Beardsley told Threatpost. "Absent an authentication update from the vendor, I feel like this is an okay workaround."
RELATED: If You Hear This When You Answer the Phone, Hang Up Immediately.
Zachary Mack Zach is a freelance writer specializing in beer, wine, food, spirits, and travel. He is based in Manhattan.Read moreFiled UnderHome • News • SafetyRead This NextOne Thing You Need to Do on Your Phone Once a Week
Protecting your sensitive information can be as easy as this simple step.July 28, 2021If You Have This Security System, Turn It Off Now
A software bug has turned these security cameras into a security concern.May 18, 2021The Smart Man's Guide to Spotting Counterfeit Wine
That $2,000 bottle of Bourdeaux might be worth $20. Here’s how to be sure it’s the real thing.April 13, 2017The 5 Best Light-Bodied Red Wines for Extending Your Summer
Don't let September ruin a killer party. August 25, 201717 Insanely Cool New Luxury Bicycles for Spring
Meet the bikes that cost more than a car.March 31, 2017Best Life Essentials
You deserve the best. Live life to the fullest with these ultimate essentials.October 21, 2016This Is the Safest Way to Store Meat
Don't let that filet set you up for food poisoning. February 7, 2018Here Are the 10 Wealthiest Cryptocurrency Millionaires Under 40
Including one guy who is only 24 years-old!February 7, 2018This Is the Safest Way to Clean Your Floors
Keep your floors clean and looking brand new with this easy tip. February 8, 201815 Things Your Real Estate Agent Won't Tell You
These are sure to shock even the most intrepid homebuyers. February 14, 2018
